Purpose

The Privacy Policy ensures that members of the public have access to information about the operations of the FFPLTC, and to their own Personal Information held by the FFPLTC, in accordance with the access provisions of MFIPPA.

Personal Information

Definition

In the FFPLTC context, this could include information on a user’s borrowing habits, as well as information related to computer use, including sign-up sheets and information on Internet use.

Access

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her Personal Information, and shall be given access to that information.

Challenges

An individual shall be able to challenge the accuracy and completeness of their Personal Information and have it amended as appropriate.

An individual shall be able to address a challenge concerning compliance with the principles of the Privacy Policy to the CEO.

Confidentiality

The privacy of an individual’s Personal Information is protected in compliance with the privacy provisions of MFIPPA.

The FFPLTC recognizes that the users' choice of materials they borrow and websites they visit is a private matter. The FFPLTC will therefore make every reasonable effort to ensure that Personal Information about its users and their use of FFPLTC materials, services and programs remains confidential.

Collection of Personal Information

Purpose

The purposes for which Personal Information is collected shall be identified by the FFPLTC at, or before, the time the information is collected.

Limitation

The collection of Personal Information shall be limited to that which is necessary for the proper administration of the FFPLTC and the provision of FFPLTC services and programs.

Accuracy

Records shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is used.

Security

Records shall be protected by security safeguards appropriate to the sensitivity of the information.

Storage Devices

Storage Devices that are not in use should be stored securely in a locked receptacle located in a controlled-access area.

Used Storage Devices should be dated and labeled with a unique, sequential number or other verifiable symbol.

Access to Storage Devices should be limited to authorized personnel.

Retention

The FFPLTC will not retain any Records related to items borrowed or requested by a user, or pertaining to a user’s on-line activity, longer than is necessary for the provision of FFPLTC services and programs.

Used Records

The FFPLTC will store and retain Storage Devices required for evidentiary purposes according to standard procedures until law enforcement authorities request them.

Section 5 of Ontario Regulation 823 under MFIPPA requires that Records used for law enforcement, branch, or public safety purposes be retained for one year from the date of disclosure.

Disposal

Old Storage Devices must be securely disposed of in such a way that Records cannot be reconstructed or retrieved.

Disposal methods could include shredding, burning or magnetically erasing Records.

A record of the disposal of any Storage Device is to be completed and retained.

Release of Personal Information

Audit

Review

In the event of a reported or observed incident, review of Records may be used to assist in the investigation of the incident.

Release to Subjects

Any patron, FFPLTC Staff member or member of the public has a general right of access to his or her Personal Information under section 36 of MFIPPA.

Personal Information will not be disclosed if:

The CEO determines that disclosure would constitute an unjustified invasion of another individual’s privacy, consistent with section 38(b) of MFIPPA,which grants the head of an institution the discretionary power to refuse access in these circumstances.

As such, access to an individual’s own Personal Information in these circumstances may depend upon whether any exempt information can be reasonably severed from the record.

One way in which this may be achieved is through digitally “blacking out” the images, where technically possible, of other individuals whose images appear in the Record.

The CEO determines that a request is frivolous or vexatious.

Given reasonable grounds, a request for access to a Record is frivolous or vexatious if:

It is part of a pattern of conduct that amounts to an abuse of the right of access

It would interfere with the operations of the facility

It is made in bad faith

It is made for a purpose other than to obtain access to the requested Records

Release to Third Parties

The FFPLTC will not disclose Personal Information to any third party without obtaining consent to do so, subject to certain exemptions as provided by MFIPPA.

Information will be disclosed only:

To a parent or guardian of a person up to 16 years of age

Upon the presentation of a search warrant

To police in the absence of a search warrant to aid an investigation (at the CEO’s discretion)

In compassionate circumstances to facilitate contact with next of kin, or a friend, of an individual who is injured, ill or deceased

Forms

An Information Request form must be completed before any Record is disclosed to appropriate individuals.

Recorded information about an identifiable individual, which includes, but is not limited to, information relating to an individual's race, colour, national or ethnic origin, sex and age. Therefore, a simple image on a video surveillance system that is clear enough to identify a person, or the activities in which he or she is engaged in, will be classified as "personal information" under the Act.

Any information, however recorded, whether in printed form, on film, by electronic means or otherwise, and includes: a photograph, a film, a microfilm, a microfiche, a videotape, a machine-readable record, and any record that is capable of being produced from a machine-readable record.